MohamedChakroun (Customer) asked a question.
Authentication manager's HA and LB
Hello,
We have an RSA setup with one Primary and one Replica Authentication Manager. We are integrating RSA with an external authentication system called MyID. In the MyID configuration, there is only one field available where we specify the primary RSA server IP address
My questions are:
- If the Primary AM fails, in my case will the authentication requests automatically redirect to the Replica AM?
- If not, is there a way to configure a load balancer in front of the two AM instances (Primary and Replica) and use a VIP in the MyID configuration?
Any guidance or best practices for ensuring high availability in this scenario would be greatly appreciated!
@MohamedChakroun (Customer),
Are you referring to https://www.myid.gov.au/? I just checked our RSA Ready partner implementation guides (https://community.rsa.com/s/technology-partners) and do not see MyID as a partner. Do you know what authentication protocol they use? If it's RADIUS, it can be set up as a RADIUS client to the Authentication Manager RADIUS server.
I can say on the Cisco side in the ASDM you only define a primary authentication server and load balancing happens between the servers without manually defining the replica.
You would have to check with MyID to see how to configure their system. And let them know that they can become part of our partner team by completing the RSA Ready Application Form.